Data Protection

Last updated: 2025-12-15

Lua CRM is committed to protecting personal data and ensuring the confidentiality, integrity, and availability of all information processed through our platform. This Data Protection page describes the technical, organizational, and legal measures implemented to safeguard data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Roles & Responsibilities

Depending on the context:

  • Lua CRM acts as a Data Controller for its own operational data.
  • Lua CRM acts as a Data Processor for customer-uploaded data processed within the CRM.
  • Customers remain responsible for the lawfulness of data they collect and process using Lua CRM.

2. Data Hosting & Infrastructure

  • Primary data hosting: Germany (Hetzner)
  • Secure cloud infrastructure within the European Union
  • Redundant systems and monitored environments

Data is stored and processed in compliance with EU data protection standards.

3. Technical Security Measures

Lua CRM applies industry-standard security practices, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Encrypted credentials and access tokens
  • Role-based access control (RBAC)
  • Secure authentication and authorization
  • Protection against unauthorized access
  • Logging and monitoring of system activity

4. Organizational Security Measures

  • Access to data limited to authorized personnel only
  • Confidentiality obligations for employees and contractors
  • Internal security policies and procedures
  • Regular review of access permissions

5. AI & Automated Processing Safeguards

Lua CRM uses AI technologies to enhance productivity and automation.

Safeguards include:

  • AI processing only within user-defined scopes
  • No resale of customer data
  • No use of customer data to train public AI models
  • Isolation of customer environments where applicable

6. Processing of Medical & Sensitive Data

When used by medical or dental organizations, Lua CRM may process sensitive personal data.

Additional safeguards include:

  • Restricted access controls
  • Secure storage and transmission
  • Processing strictly under customer instructions
  • Compliance with GDPR Article 9 requirements

Customers are responsible for ensuring lawful grounds for processing medical data.

7. Third-Party Processors

Lua CRM uses vetted third-party processors, including:

  • Cloud infrastructure providers
  • Payment processors
  • Authentication services
  • Communication providers

All processors are bound by contractual data protection and confidentiality obligations.

8. Data Breach Management

In the event of a personal data breach:

  • Lua CRM will promptly investigate the incident
  • Affected customers will be notified without undue delay
  • Regulatory authorities will be notified where legally required
  • Mitigation measures will be applied immediately

9. Data Subject Rights Support

Lua CRM supports customers in fulfilling data subject rights, including:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Data portability

Requests can be submitted via: [email protected]

10. Data Retention & Deletion

  • Data is retained only as long as necessary
  • Customers control retention of their CRM data
  • Secure deletion procedures are applied upon request or contract termination

11. Compliance & Standards

Lua CRM aligns with:

  • GDPR
  • EU data protection principles
  • Industry best practices for SaaS platforms

Formal certifications may be added as the platform evolves.

12. Contact Information

For data protection inquiries:

Company: Lua CRM OÜ

Phone: +372 5912-2253

Address: Harju maakond, Lasnamäe linnaosa, Sepapaja tn 6, Tallinn, Estonia